Shulou(Shulou.com)06/01 Report--

Examination questions website: http://www.shiyanbar.com/ctf/1871

0x01

First we get a hello.dex file, and to decompile it into a smali file, use the tool baksmali,cmd command: java-jar baksmali-2.0.3.jar-o class/ Hello.dex to generate a folder in the current directory with a hello.smali code like this:

.class public LHello;.super Ljava/lang/Object;.source "Hello.java" # direct methods.method public constructor () V .registers 1 .prologue .line 1 invoke-direct {p0}, Ljava/lang/Object;- > () V return-void.end method.method public static main ([Ljava/lang/String;) V .registers 5 .prologue .line 7 new-instance v0, LHello; invoke-direct {v0}, LHello -> () V .line 8 sget-object v1, Ljava/lang/System;- > out:Ljava/io/PrintStream; / / v1 store the reference const/4 v2 of the out object, 0x5 / / assign the 32-bit extension of the 5 symbol to v2 const/4 v3, 0x3 / / assign the 32-bit extension of the 3 symbol to v3 invoke-virtual {v0, v2, v3}, LHello -> foo (II) I / / call the function foo move-result v0 / / assign the result of the function to v0 invoke-virtual {v1, v0}, Ljava/io/PrintStream -> println (I) V / / printout v0.line 9 return-void.end method# virtual methods.method public foo (II) I. registers 5 .prologue .line 3 add-int v0, p1, p2 / / v0=p1+p2 sub-int v1, p1, p2 / / v1=p1+p2 mul-int/2addr v0, v1 / / v0=v0*v1 return v0.end method. So the analysis can be carried out.

0x02

First of all, a little bit of science popularization here, Android programs are run by Android virtual machines, Dalvik virtual machines have two different register representation methods, p naming and v naming, if a function fun () uses five registers, two explicit parameters, and this method is a non-static method, so an implicit fun object reference is passed in when called, so there are three parameters The first two registers are used for local variables, and the last three parameters are used, which are v0magentin v2p0p1, in which p0 is passed into the reference of the object.

Then talk about the type of Dalvik bytecode, the method and the field representation method:

1. Type:

V--void Z--boolean B--byte S--short C--char I--int F--float

D--double L--java type [--array type

The java type is generally LpackageName/name/Objname to represent the specific object, for example, Ljava/lang/String is equivalent to java.lang.String

two。 Methods:

Lpackage/name/Objname;- > MethodName (III) Z

III represents three integer parameters, and Z indicates that the return value is Boolea.

3. Field:

A field consists of a type, a field name, a field type, and a separation between the field name and the field type

# instance fileds instance field

# static fields static field

Some basic grammars:

The .prologue method starts

Invoke-direct calls function

The return-void function returns void

End method function ends

New-instance creates an instance

Iput-object object assignment

Iget-object calling object

So the final result is (5-3) * (5-3) = 16

Of course, it's easier to see here that it's easier to decompile directly to jar and then disassemble it to java code:

Import java.io.PrintStream

Public class Hello

{

Public static void main (String [] paramArrayOfString)

{

Hello localHello = new Hello ()

System.out.println (localHello.foo (5,3))

}

Public int foo (int paramInt1, int paramInt2)

{

Return (paramInt1 + paramInt2) * (paramInt1-paramInt2)

}

}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.